Jump to content
Forum Rules
Official Modification Forum Rules
GTAMods Wiki
GRAND THEFT AUTO VI INFODUMP DISCUSSION FORUM - TRAILER, SCREENSHOTS, ARTWORK

Malware inside Angry Planes & Noclip Mod

aboutseven

By aboutseven
in GTA V

 Share

Recommended Posts

EddieThePro

EddieThePro

Posted
Posted

 

 

Okay, so this may sound like an incredibly nooby question, but what's stopping us from just deleting everything in 'Temp'? Are things stored in there important? Surely it should be filled with replaceable files seeing as the folder is quite literally named 'Temporary'? I've got around 3GB of stuff inside that folder and wouldn't mind deleting some of it?

 

Sorry if this is f*cking stupid. I'm usually smarter than this, promise :)

Some of the files are used by software/programs that are running :)

 

Cheers, I'll stay safe and avoid it for the time being.

 

Regarding your picture: I think that's fine. Mine consists of 'Administrator - ASPNET - Guest - [My Name]

 

 

Thanks mate! Really appriciate it! Have a wonderful sunday!

 

Smiley992

Smiley992

Posted
Posted

So, i did that net user thing with CMD, and it came up with this. http://sv.tinypic.com/view.php?pic=2nvgkrk&s=8#.VVitRvntnGA

 

Everything is in the picture ;)

:) Don't worry sir, it's okay the only problem is if it's write another name under your name, the Guest thing is Fine :).

Okay, so this may sound like an incredibly nooby question, but what's stopping us from just deleting everything in 'Temp'? Are things stored in there important? Surely it should be filled with replaceable files seeing as the folder is quite literally named 'Temporary'? I've got around 3GB of stuff inside that folder and wouldn't mind deleting some of it?

 

Sorry if this is f*cking stupid. I'm usually smarter than this, promise :)

Temp folder is like the Trash of the pc :D Just delete it all :D and Delete prefetch files as well :)

 

Don't worry Deleting Temp Does not Delete any thing important Related to your Pc Files or anything else so it's alright :)

MarshallRawR

MarshallRawR

Posted
Posted

So, i did that net user thing with CMD, and it came up with this. http://sv.tinypic.com/view.php?pic=2nvgkrk&s=8#.VVitRvntnGA

 

Everything is in the picture ;)

 

Guest is an account you can enable or not if someone wants to use your computer

without a password but with limited privileges. They can't access your files too.

BKnight

BKnight

Posted
Posted

 

So, i did that net user thing with CMD, and it came up with this. http://sv.tinypic.com/view.php?pic=2nvgkrk&s=8#.VVitRvntnGA

 

Everything is in the picture ;)

:) Don't worry sir, it's okay the only problem is if it's write another name under your name, the Guest thing is Fine :).

Okay, so this may sound like an incredibly nooby question, but what's stopping us from just deleting everything in 'Temp'? Are things stored in there important? Surely it should be filled with replaceable files seeing as the folder is quite literally named 'Temporary'? I've got around 3GB of stuff inside that folder and wouldn't mind deleting some of it?

 

Sorry if this is f*cking stupid. I'm usually smarter than this, promise :)

Temp folder is like the Trash of the pc :D Just delete it all :D and Delete prefetch files as well :)

 

Don't worry Deleting Temp Does not Delete any thing important Related to your Pc Files or anything else so it's alright :)

 

Yeah, I eventually established this after a quick Google search... Just threw it all in the Recycling Bin.

 

But thanks! I'd recommend it to anyone who is still weary about the virus and any files they could've missed :)

sir_cormac_thunderguts

sir_cormac_thunderguts

Posted
Posted

Probable secuirity fix in Windows 10 (Correct me if i'm not)

If you have Windows 10 (beta), you shouldnt be affected. I had kept my antivirus and firewall off anyways. Hope this helps :)

 

Here are some images

 

waBhtE6.png

I couldnt find a value in my registry

Zhuocheng Tan

Zhuocheng Tan

Posted
Posted

Probable secuirity fix in Windows 10 (Correct me if i'm not)

If you have Windows 10 (beta), you shouldnt be affected. I had kept my antivirus and firewall off anyways. Hope this helps :)

 

Here are some images

 

waBhtE6.png

I couldnt find a value in my registry

i couldnt find it on 8.1

bocodamondo

bocodamondo

Posted
Posted

can anyone help me, i accidentally downloaded the angry plane mod (i dont even own GTA5) when i clicked on it, i was like meh, and just let it there in my Downloads folder as ZIP file. after i found out about this, i immediatly went and deleted the file and cleared my trashcan....does it install the malware when it still a ZIP/RAR file?

 

i tried to scan my PC for a Fade.exe or Init.exe and the only ones with those names i found are a few init files in games like legend of korra, DMC4, resident evil revelations, RE6, bully... but those were all like init,arc or init.bnk ... no init.exe

 

the only "fade" files i found are some fade.nft in bully...thats it. no Fade.exe

 

i scanned my downloads folder with both avira antivirus and it said its clean and im currently scanning it with superantispyware and malwarebytes

 

 

 

.there's also no fade or init in my temp folder

 

i really want to know if there's a chance i get the virus without extracting it out of the ZIP/RAR file. so i can go and change all my passwords.

 

Igor Bogdanoff

Igor Bogdanoff

Posted
Posted

Nope you have to load into game with asi loader and that asi installed

MonsieurSamuel

MonsieurSamuel

Posted
Posted

can anyone help me, i accidentally downloaded the angry plane mod (i dont even own GTA5) when i clicked on it, i was like meh, and just let it there in my Downloads folder as ZIP file. after i found out about this, i immediatly went and deleted the file and cleared my trashcan....does it install the malware when it still a ZIP/RAR file?

 

i tried to scan my PC for a Fade.exe or Init.exe and the only ones with those names i found are a few init files in games like legend of korra, DMC4, resident evil revelations, RE6, bully... but those were all like init,arc or init.bnk ... no init.exe

 

the only "fade" files i found are some fade.nft in bully...thats it. no Fade.exe

 

i scanned my downloads folder with both avira antivirus and it said its clean and im currently scanning it with superantispyware and malwarebytes

 

 

 

.there's also no fade or init in my temp folder

 

i really want to know if there's a chance i get the virus without extracting it out of the ZIP/RAR file. so i can go and change all my passwords.

 

 

No chance that you're affected. The virus-downloading script is only executed when the .asi file is inside GTA's root folder and you've run the game with the .asi inside. You're fine.

TheMuffinManOP

TheMuffinManOP

Posted
Posted (edited)

"can anyone help me, i accidentally downloaded the angry plane mod (i dont even own GTA5) when i clicked on it, i was like meh, and just let it there in my Downloads folder as ZIP file. after i found out about this, i immediatly went and deleted the file and cleared my trashcan....does it install the malware when it still a ZIP/RAR file?

 

i tried to scan my PC for a Fade.exe or Init.exe and the only ones with those names i found are a few init files in games like legend of korra, DMC4, resident evil revelations, RE6, bully... but those were all like init,arc or init.bnk ... no init.exe

 

the only "fade" files i found are some fade.nft in bully...thats it. no Fade.exe

 

i scanned my downloads folder with both avira antivirus and it said its clean and im currently scanning it with superantispyware and malwarebytes

 

 

 

.there's also no fade or init in my temp folder

 

i really want to know if there's a chance i get the virus without extracting it out of the ZIP/RAR file. so i can go and change all my passwords."

 

if you did not unrar it or not launch gta 5 you should be ok since it injected the viruses and malware / key loggers when you launched gta 5 change your passwords and run a few scans with malwarebytes an anti virus program

and try tdsskiller it scans for rootkits if you want even more try programs like adwcleaner, hitmanpro, rkill and roguekiller they are some of the best I have them all installed also when you launch after the scan it might ask for an email just put in your email and ignore the

email if you do not offers for the program. Go to " http://www.bleepingcomputer.com/download/windows/" and look at the most downloaded on the left as most downloaded / recommended programs that I have mentioned are there, Hope this helps :)

 

P.S I do not know why the text went while just click and highlight it you will see the text ( it tells you what programs people recommend )

 

Edited by TheMuffinManOP
MarshallRawR

MarshallRawR

Posted
Posted (edited)

Which file?

 

Also if it re-downloaded that means you didn't clean it out well enough.

 

 

That was set to Fade.exe.

Even if the registry was not infected, the initial run of Fade.exe might have happened.

 

 

 

Hello there I was wondering if someone could help me. Can you test and see if this link is safe to download? Are there any viruses, malware or anything bad in there?

 

Thanks :D

 

This is a hack for GTA Online which is not allowed here.

Reported to remove the link, be carefull next time or you might get a sanction from mods.

Also, it'll get you banned anyway.

Edited by MarshallRawR
TheMuffinManOP

TheMuffinManOP

Posted
Posted

for some random reason silent wants me to post here. so no one will see this post but I will do as he said ( post) :hey guys I removed everything such as shell in the regedit and all the files and stuff I went as far as to reinstall gta 5 but I found a shell folder in regedit and deleted it I also found a file called "*" (yes a * )

but I think I went to far as after doing some research this was added by windows I have backups and restore points so it is nothing huge and I really want to re install windows but I really do not want to start again after having this pc like 10 months of having it but I am only 50 % sure I am safe I have changed most in portent passwords such as youtube twitch facebook paypal and rockstar steam and the rest but I re installed gta 5 and it launched in windowed mode witch was strange I wish I checked my processes but I can't remember doing so but the fade folder in regedit so I deleted it again and rebooted 2 times and it has not returned. for the people saying about the "leep" and "fade" in the regedit I only installed the noclip mod and it seems the files where added on the same date as every one else "5/5/2015" on the 5 of may witch seems weird and I only had fade and no leep witch people said "leep" was part of the noclip mod let me know where to look for this "leep" sh*t too please, thanks :) Extra stuff:

the real kicker is that I wanted to start gta modding in gta 5 and I started then I heard the news about all this f*ckery with the malware this really will hit the community hard since I am not even going to download a mod. until it has been like 110 % confirmed to be real by tons of people and youtubers as such rockstar should touch on it even though they do not really approve for modding in gta 5 it should be talked about wont be surprised if rockstar said "I told you so" I still think there is that 1 person out there that has not heard the news and I have been in contact with malwarebytes since It did not detect it I just hope this comes to light even more than it has.

G0nx4

G0nx4

Posted
Posted

for some random reason silent wants me to post here. so no one will see this post but I will do as he said ( post) :hey guys I removed everything such as shell in the regedit and all the files and stuff I went as far as to reinstall gta 5 but I found a shell folder in regedit and deleted it I also found a file called "*" (yes a * )

but I think I went to far as after doing some research this was added by windows I have backups and restore points so it is nothing huge and I really want to re install windows but I really do not want to start again after having this pc like 10 months of having it but I am only 50 % sure I am safe I have changed most in portent passwords such as youtube twitch facebook paypal and rockstar steam and the rest but I re installed gta 5 and it launched in windowed mode witch was strange I wish I checked my processes but I can't remember doing so but the fade folder in regedit so I deleted it again and rebooted 2 times and it has not returned. for the people saying about the "leep" and "fade" in the regedit I only installed the noclip mod and it seems the files where added on the same date as every one else "5/5/2015" on the 5 of may witch seems weird and I only had fade and no leep witch people said "leep" was part of the noclip mod let me know where to look for this "leep" sh*t too please, thanks :) Extra stuff:

the real kicker is that I wanted to start gta modding in gta 5 and I started then I heard the news about all this f*ckery with the malware this really will hit the community hard since I am not even going to download a mod. until it has been like 110 % confirmed to be real by tons of people and youtubers as such rockstar should touch on it even though they do not really approve for modding in gta 5 it should be talked about wont be surprised if rockstar said "I told you so" I still think there is that 1 person out there that has not heard the news and I have been in contact with malwarebytes since It did not detect it I just hope this comes to light even more than it has

As I know there were different noclip mods, so it should be that some mods had leep and others had fade. In my case I just got fade from noclip mod.

  • TheMuffinManOP
  • Like 1
ffzero58

ffzero58

Posted
Posted

If folks are still worried about what is lurking in your autorun, download this sysinternals tool:

 

https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

 

bb963902.autoruns_v13(en-us,MSDN.10).png

 

It will enumerate all of the items that will start with Windows.

 

Process Explorer and TCPView are also good tools to see if there is still suspicious activity going on.

FlyingAce

FlyingAce

Posted
Posted

If folks are still worried about what is lurking in your autorun, download this sysinternals tool:

 

https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

 

bb963902.autoruns_v13(en-us,MSDN.10).png

 

It will enumerate all of the items that will start with Windows.

 

Process Explorer and TCPView are also good tools to see if there is still suspicious activity going on.

what do red and yellow highlights mean?

ffzero58

ffzero58

Posted
Posted (edited)

 

If folks are still worried about what is lurking in your autorun, download this sysinternals tool:

 

https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

 

bb963902.autoruns_v13(en-us,MSDN.10).png

 

It will enumerate all of the items that will start with Windows.

 

Process Explorer and TCPView are also good tools to see if there is still suspicious activity going on.

what do red and yellow highlights mean?

 

 

Red: unsigned image (not signed by any recognized authority - if any)

Yellow: missing image (the file the entry is pointing to is missing from the filesystem)

Edited by ffzero58
TheMuffinManOP

TheMuffinManOP

Posted
Posted

 

for some random reason silent wants me to post here. so no one will see this post but I will do as he said ( post) :hey guys I removed everything such as shell in the regedit and all the files and stuff I went as far as to reinstall gta 5 but I found a shell folder in regedit and deleted it I also found a file called "*" (yes a * )

but I think I went to far as after doing some research this was added by windows I have backups and restore points so it is nothing huge and I really want to re install windows but I really do not want to start again after having this pc like 10 months of having it but I am only 50 % sure I am safe I have changed most in portent passwords such as youtube twitch facebook paypal and rockstar steam and the rest but I re installed gta 5 and it launched in windowed mode witch was strange I wish I checked my processes but I can't remember doing so but the fade folder in regedit so I deleted it again and rebooted 2 times and it has not returned. for the people saying about the "leep" and "fade" in the regedit I only installed the noclip mod and it seems the files where added on the same date as every one else "5/5/2015" on the 5 of may witch seems weird and I only had fade and no leep witch people said "leep" was part of the noclip mod let me know where to look for this "leep" sh*t too please, thanks :) Extra stuff:

the real kicker is that I wanted to start gta modding in gta 5 and I started then I heard the news about all this f*ckery with the malware this really will hit the community hard since I am not even going to download a mod. until it has been like 110 % confirmed to be real by tons of people and youtubers as such rockstar should touch on it even though they do not really approve for modding in gta 5 it should be talked about wont be surprised if rockstar said "I told you so" I still think there is that 1 person out there that has not heard the news and I have been in contact with malwarebytes since It did not detect it I just hope this comes to light even more than it has

As I know there were different noclip mods, so it should be that some mods had leep and others had fade. In my case I just got fade from noclip mod.

 

well I just had fade too man that sucks I didn't even use noclip only the occasional looking behind a wall for like an easter egg, oh well, thanks for the reply :)

alright, i scanned my PC with malwarebytes too and it said its clean from any init or fade exe.

I recommend more programs since malwarebytes didn't detect it. all it did is detected a "hijack.shallA.gen" and another one I knew about this before this thing even happened I even uni-stalled gta 5 before this happened because I knew

it was gta 5 doing it since every time I run it it would be detected by malwarebytes but it did not completely remove it PLEASE go through the step by step removal guide in this main post and go here : http://www.reddit.com/r/techsupport/comments/33evdi/suggested_reading_official_malware_removal_guide/

to remove ALL malware from your pc. thanks :)

TheMuffinManOP

TheMuffinManOP

Posted
Posted

FOR ANY ONE ASKING FOR MORE HELP ON REMOVING MALWARE ( sorry for caps ) go here it is an official Reddit post on how to remove malware : http://www.reddit.com/r/techsupport/comments/33evdi/suggested_reading_official_malware_removal_guide/

 

hope this helps :)

Microbots

Microbots

Posted
Posted

So I'm going through the basics of IDA and the relevant tutorials on youtube. In one of them, it says that you can see the importsand what they use like using like networking.

 

Now I have no idea what ASI files need or how they work when they download viruses. But did Angry Planes mod need that import and would it show up on IDA?

MarshallRawR

MarshallRawR

Posted
Posted

Did it affect windows 8.1 users?

 

I can't find any of the exe files. But I did find one .z file in temp that appeared to be unnamed and had a winrar icon.

 

Of course it affected 8.1 users, pretty much any PC running GTAV with the mod.

Look at your antivirus's quarantine, it might be there already. Also, check the registry. Good luck, pal.

ffzero58

ffzero58

Posted
Posted

Is it possible it stole files and is it possible it copied to other harddrives and infected those .exe files?

 

Yes. The virus stole session/saved passwords of social media sites, steam, etc... It also logged your keystrokes and did all sorts of debauchery on your system. As for your latter question, it does not look like that is the case. Even so, look through your autoruns to see if you have any suspicious entries.

EddieThePro

EddieThePro

Posted
Posted (edited)

So after everything with the viruses, can someone scan the "Ped Riot/Chaos Mode" mod? Link: https://www.gta5-mods.com/scripts/ped-riot-chaos-mode(gta5-mods.com)

 

If someone wants this removed, i'll remove it instantly

Edited by EddieThePro
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • 1 User Currently Viewing
    0 members, 0 Anonymous, 1 Guest

×
×
  • Create New...

Important Information

By using GTAForums.com, you agree to our Terms of Use and Privacy Policy.

  I accept